vulnerability
Jenkins Advisory 2015-02-27: HudsonPrivateSecurityRealm allows creation of reserved names
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:S/C:P/I:P/A:P) | Nov 13, 2017 | Nov 13, 2017 | Apr 14, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:S/C:P/I:P/A:P)
Published
Nov 13, 2017
Added
Nov 13, 2017
Modified
Apr 14, 2025
Description
For users using "Jenkins own user database" setting, Jenkins doesn’t refuse reserved names, thus allowing privilege escalation.
Solutions
jenkins-lts-upgrade-1_596_1jenkins-upgrade-1_600
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.